CVE-2013-7260
high
CVSS v3
—
VIR risk
7.5
Description
Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| realnetworks | realplayer | {"endIncluding":"17.0.4.60"} | |
| realnetworks | realplayer | 2.1.2 | |
| realnetworks | realplayer | 2.1.3 | |
| realnetworks | realplayer | 2.1.4 | |
| realnetworks | realplayer | 4 | |
| realnetworks | realplayer | 5 | |
| realnetworks | realplayer | 6 | |
| realnetworks | realplayer | 7 | |
| realnetworks | realplayer | 8 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 11.0 | |
| realnetworks | realplayer | 11.0.1 | |
| realnetworks | realplayer | 11.0.2 | |
| realnetworks | realplayer | 11.0.2.1744 | |
| realnetworks | realplayer | 11.0.2.2315 | |
| realnetworks | realplayer | 11.0.3 | |
| realnetworks | realplayer | 11.0.4 | |
| realnetworks | realplayer | 11.0.5 | |
| realnetworks | realplayer | 11.1 | |
| realnetworks | realplayer | 11.1.3 | |
| realnetworks | realplayer | 11_build_6.0.14.748 | |
| realnetworks | realplayer | 12.0.0.1444 | |
| realnetworks | realplayer | 12.0.0.1548 | |
| realnetworks | realplayer | 14.0.0 | |
| realnetworks | realplayer | 14.0.1 | |
| realnetworks | realplayer | 14.0.1.609 | |
| realnetworks | realplayer | 14.0.2 | |
| realnetworks | realplayer | 14.0.3 | |
| realnetworks | realplayer | 14.0.4 | |
| realnetworks | realplayer | 14.0.5 | |
| realnetworks | realplayer | 15.0.0 | |
| realnetworks | realplayer | 15.0.4 | |
| realnetworks | realplayer | 15.0.4.43 | |
| realnetworks | realplayer | 15.0.5.109 | |
| realnetworks | realplayer | 15.0.6.14 | |
| realnetworks | realplayer | 15.02.71 | |
| realnetworks | realplayer | 16.0.0 | |
| realnetworks | realplayer | 16.0.0.282 | |
| realnetworks | realplayer | 16.0.1.18 | |
| realnetworks | realplayer | 16.0.2.32 | |
| realnetworks | realplayer | 16.0.3.51 | |
| realnetworks | realplayer | 10.1 | |
| realnetworks | realplayer | 12.0.0.1701 | |
| realnetworks | realplayer | 12.0.1.1737 | |
References
- http://service.real.com/realplayer/security/12202013_player/en/
- http://www.exploit-db.com/exploits/30468/
- http://www.kb.cert.org/vuls/id/698278
- http://www.securityfocus.com/bid/64695
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90160
- http://service.real.com/realplayer/security/12202013_player/en/
- http://www.exploit-db.com/exploits/30468/
- http://www.kb.cert.org/vuls/id/698278
- http://www.securityfocus.com/bid/64695
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90160
CWEs
CWE-119
💬 Discuss CVE-2013-7260 on VIR Community →
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.